nixos/netbird: Allow running multiple netbird networks in parallel
This commit is contained in:
parent
f032654298
commit
c2d822e6b0
@ -165,6 +165,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
existing process, but will need to start that process from gdb (so it is a
existing process, but will need to start that process from gdb (so it is a
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
- The netbird module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
`globalRedirect` can now have redirect codes other than 301 through
`globalRedirect` can now have redirect codes other than 301 through
`redirectCode`.
`redirectCode`.
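--- /dev/null
+++ b/nixos/modules/services/networking/netbird.md
@@ -0,0 +1,56 @@
+# Netbird {#module-services-netbird}
+
+## Quickstart {#module-services-netbird-quickstart}
+
+The absolute minimal configuration for the netbird daemon looks like this:
+
+```nix
+services.netbird.enable = true;
+```
+
+This will set up a netbird service listening on the port `51820` associated to the
+`wt0` interface.
+
+It is strictly equivalent to setting:
+
+```nix
+services.netbird.tunnels.wt0.stateDir = "netbird";
+```
+
+The `enable` option is mainly kept for backward compatibility, as defining netbird
+tunnels through the `tunnels` option is more expressive.
+
+## Multiple connections setup {#module-services-netbird-multiple-connections}
+
+Using the `services.netbird.tunnels` option, it is also possible to define more than
+one netbird service running at the same time.
+
+The following configuration will start a netbird daemon using the interface `wt1` and
+the port 51830. Its configuration file will then be located at `/var/lib/netbird-wt1/config.json`.
+
+```nix
+services.netbird.tunnels = {
+wt1 = {
+port = 51830;
+};
+};
+```
+
+To interact with it, you will need to specify the correct daemon address:
+
+```bash
+netbird --daemon-addr unix:///var/run/netbird-wt1/sock ...
+```
+
+The address will by default be `unix:///var/run/netbird-<name>`.
+
+It is also possible to overwrite default options passed to the service, for
+example:
+
+```nix
+services.netbird.tunnels.wt1.environment = {
+NB_DAEMON_ADDR = "unix:///var/run/toto.sock"
+};
+```
+
+This will set the socket to interact with the netbird service to `/var/run/toto.sock`.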
@ -1,60 +1,171 @@
{ config, lib, pkgs, ... }:
{
config,
with lib;
lib,
pkgs,
...
}:
let
let
cfg = config.services.netbird;
inherit (lib)
attrNames
getExe
literalExpression
maintainers
mapAttrs'
mkDefault
mkEnableOption
mkIf
mkMerge
mkOption
mkPackageOption
nameValuePair
optional
versionOlder
;
inherit (lib.types)
attrsOf
port
str
submodule
;
kernel = config.boot.kernelPackages;
kernel = config.boot.kernelPackages;
interfaceName = "wt0";
in {
cfg = config.services.netbird;
meta.maintainers = with maintainers; [ misuzu ];
in
{
meta.maintainers = with maintainers; [
misuzu
thubrecht
];
meta.doc = ./netbird.md;
options.services.netbird = {
options.services.netbird = {
enable = mkEnableOption (lib.mdDoc "Netbird daemon");
enable = mkEnableOption (lib.mdDoc "Netbird daemon");
package = mkPackageOption pkgs "netbird" { };
package = mkPackageOption pkgs "netbird" { };
tunnels = mkOption {
type = attrsOf (
submodule (
{ name, config, ... }:
{
options = {
port = mkOption {
type = port;
default = 51820;
description = ''
Port for the ${name} netbird interface.
'';
};
};
config = mkIf cfg.enable {
environment = mkOption {
type = attrsOf str;
defaultText = literalExpression ''
{
NB_CONFIG = "/var/lib/''${stateDir}/config.json";
NB_LOG_FILE = "console";
NB_WIREGUARD_PORT = builtins.toString port;
NB_INTERFACE_NAME = name;
NB_DAMEON_ADDR = "/var/run/''${stateDir}"
}
'';
description = ''
Environment for the netbird service, used to pass configuration options.
'';
};
stateDir = mkOption {
type = str;
default = "netbird-${name}";
description = ''
Directory storing the netbird configuration.
'';
};
};
config.environment = builtins.mapAttrs (_: mkDefault) {
NB_CONFIG = "/var/lib/${config.stateDir}/config.json";
NB_LOG_FILE = "console";
NB_WIREGUARD_PORT = builtins.toString config.port;
NB_INTERFACE_NAME = name;
NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock";
};
}
)
);
default = { };
description = ''
Attribute set of Netbird tunnels, each one will spawn a daemon listening on ...
'';
};
};
config = mkMerge [
(mkIf cfg.enable {
# For backwards compatibility
services.netbird.tunnels.wt0.stateDir = "netbird";
})
(mkIf (cfg.tunnels != { }) {
boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
environment.systemPackages = [ cfg.package ];
environment.systemPackages = [ cfg.package ];
networking.dhcpcd.denyInterfaces = [ interfaceName ];
networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels;
systemd.network.networks."50-netbird" = mkIf config.networking.useNetworkd {
systemd.network.networks = mkIf config.networking.useNetworkd (
mapAttrs'
(
name: _:
nameValuePair "50-netbird-${name}" {
matchConfig = {
matchConfig = {
Name = interfaceName;
Name = name;
};
};
linkConfig = {
linkConfig = {
Unmanaged = true;
Unmanaged = true;
ActivationPolicy = "manual";
ActivationPolicy = "manual";
};
};
};
}
)
cfg.tunnels
);
systemd.services.netbird = {
systemd.services =
mapAttrs'
(
name:
{ environment, stateDir, ... }:
nameValuePair "netbird-${name}" {
description = "A WireGuard-based mesh network that connects your devices into a single private network";
description = "A WireGuard-based mesh network that connects your devices into a single private network";
documentation = [ "https://netbird.io/docs/" ];
documentation = [ "https://netbird.io/docs/" ];
after = [ "network.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
openresolv
path = with pkgs; [ openresolv ];
];
inherit environment;
serviceConfig = {
serviceConfig = {
Environment = [
ExecStart = "${getExe cfg.package} service run";
"NB_CONFIG=/var/lib/netbird/config.json"
"NB_LOG_FILE=console"
];
ExecStart = "${cfg.package}/bin/netbird service run";
Restart = "always";
Restart = "always";
RuntimeDirectory = "netbird";
RuntimeDirectory = stateDir;
StateDirectory = "netbird";
StateDirectory = stateDir;
WorkingDirectory = "/var/lib/netbird";
StateDirectoryMode = "0700";
WorkingDirectory = "/var/lib/${stateDir}";
};
};
unitConfig = {
unitConfig = {
StartLimitInterval = 5;
StartLimitInterval = 5;
StartLimitBurst = 10;
StartLimitBurst = 10;
};
};
stopIfChanged = false;
stopIfChanged = false;
};
}
};
)
cfg.tunnels;
})
];
}
}
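Review bot: The `defaultText` of the new `environment` option does not match the default the submodule actually sets a few lines below: the rendered documentation shows `NB_DAMEON_ADDR = "/var/run/''${stateDir}"` (misspelled and missing both the `unix://` scheme and the `/sock` suffix) while `config.environment` sets `NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock"`, so the line should read `NB_DAEMON_ADDR = "unix:///var/run/''${stateDir}/sock";`. The description of the `tunnels` option also trails off at `listening on ...`; finish the sentence, for example `each one will spawn a daemon listening on its own WireGuard port and unix control socket.`. Separately, `stateDir` is typed `str` yet is spliced into `StateDirectory`, `RuntimeDirectory`, `WorkingDirectory` and the `NB_CONFIG` path, so a value with a leading `/` or a `..` component would presumably be refused by systemd for the directory settings while still being interpolated into the paths; a type (or assertion) that admits only a plain directory name would keep those uses consistent.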